@slidev/cli — Greenflagged

Presentation slides for developers

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

antfu_kerman

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@shikijs/vitepress-twoslash	AI (dependencies): Shiki twoslash integration; expected for slidev's code highlighting.	ai	2026/05/30
dependencies	unvetted-dep:markdown-it-mdc	AI (dependencies): Markdown extension for MDC syntax; expected dependency for slidev's markdown pipeline.	ai	2026/05/30
dependencies	unvetted-dep:shiki-magic-move	AI (dependencies): Shiki-based animation library by same author (antfu); expected for slidev.	ai	2026/05/30
dependencies	unvetted-dep:magic-string-stack	AI (dependencies): Source-map utility; expected for slidev's build pipeline.	ai	2026/05/30
dependencies	unvetted-dep:@iconify-json/carbon	AI (dependencies): Icon set; expected bundled asset for slidev UI.	ai	2026/05/30
dependencies	unvetted-dep:@unocss/extractor-mdc	AI (dependencies): UnoCSS extractor; expected for slidev's CSS pipeline.	ai	2026/05/30
dependencies	unvetted-dep:@lillallol/outline-pdf	AI (dependencies): PDF outline utility; expected for slidev's PDF export feature.	ai	2026/05/30
dependencies	unvetted-dep:@iconify-json/svg-spinners	AI (dependencies): Icon set; expected bundled asset for slidev UI.	ai	2026/05/30
dependencies	unvetted-dep:obug	AI (dependencies): obug is a legitimate debug-replacement package; replaces debug in this version, consistent with ecosystem author's tooling.	ai	2026/05/26
phantom-deps	phantom-dep:@shikijs/twoslash	AI (phantom-deps): Used via @shikijs/vitepress-twoslash integration; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:@iconify-json/carbon	AI (phantom-deps): Icon data loaded at runtime; stable false positive.	ai	2026/05/14
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped package @slidev/cli is the official Slidev CLI; no relation to joi.	ai	2026/05/14
phantom-deps	phantom-dep:@iconify-json/svg-spinners	AI (phantom-deps): Icon data loaded at runtime; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:@unocss/extractor-mdc	AI (phantom-deps): UnoCSS extractor loaded via config; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:local-pkg	AI (phantom-deps): Used indirectly via plugin/config resolution in this monorepo CLI; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:typescript	AI (phantom-deps): TypeScript is a peer/tooling dep used by jiti/tsdown at runtime; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:htmlparser2	AI (phantom-deps): Used indirectly in markdown processing pipeline; stable false positive for this package.	ai	2026/05/14
phantom-deps	phantom-dep:magic-string	AI (phantom-deps): Used via magic-string-stack and other plugins; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:resolve-from	AI (phantom-deps): Used in module resolution helpers; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:@unocss/reset	AI (phantom-deps): Bundled asset dep for UnoCSS; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:monaco-editor	AI (phantom-deps): Loaded dynamically for editor feature; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:@iconify-json/ph	AI (phantom-deps): Icon data loaded at runtime by unplugin-icons; stable false positive.	ai	2026/05/14